SlowMist：A brief analysis of the story of the Sushi Swap attack
On November 30, 2020, according to the intelligence of the SlowMist Zone, the Ethereum AMM token exchange protocol Sushi Swap was attacked, and the loss was about 15,000 US dollars. The SlowMist security team immediately intervened in the analysis and shared it in the form of a newsletter for your reference.
The role of the Sushi Maker contract in the Sushi Swap project is to store the handling fee for each transaction pair in Sushi Swap. The handling fee will be stored in the contract in the form of SLP (Proof of Liquidity). There is a convert function in the Sushi Maker contract, which is used to obtain the corresponding tokens by calling the burn function of each trading pair from the fees collected from each trading pair, and then convert these tokens into sushi tokens and add them to Sushi In the Bar contract, the user who pledges sushi tokens in the Sushi Bar increases revenue, and the problem this time lies in the Sushi Maker contract.
1. The attacker selects a trading pair in Sushi Swap, such as USDT/WETH, and then adds liquidity to obtain the corresponding SLP (USDT/WETH Liquidity Proof, hereinafter referred to as SLP), and uses the obtained SLP and another small amount of WETH to create one The new Sushi Swap trading pair will then get the SLP1 (WETH/SLP(USDT/WETH) liquidity certificate, hereinafter referred to as SLP1) of the new token pool and transfer it to the Sushi Maker contract.
2. Call the convert function of Sushi Swap, the passed token0 is the SLP obtained in the first step, and token1 is WETH. After calling the convert function, the Sushi Maker contract will call the burn function of the token pool formed by token0 and token1 to burn SLP1. The attacker will burn SLP1 in the Sushi Maker contract in the first step to get WETH and SLP.
3. The convert function of the Sushi Maker contract will then call the internal _toWETH function to convert the tokens obtained by burn into WETH. In the second step, the Sushi Maker contract obtains SLP and WETH through burn. Among them, WETH does not need to be converted, only SLP is required. At this time, the conversion will be performed by calling the SLP/WETH transaction pair, which is the transaction pair created by the attacker in the first step. Since the Sushi Maker contract converts all balanceOf (token0) into WETH during conversion, the token0 passed in here is the SLP, so the contract converts all SLPs in the contract through the SLP/WETH transaction pair (the converted SLP includes USDT/ The income generated by each swap of the WETH transaction and the SLP obtained by the burn function in the second step of the contract). The SLP/WETH token pool is created by the attacker. The attacker only needs to add a small amount of WETH during initialization, and then during the process of exchanging the Sushi Maker transaction pair, the attacker can exchange a small amount of WETH for the corresponding transaction in the Sushi Maker contract. Right all SLP.
4. The attacker uses the burn function to burn his SLP1 in the SLP/WETH trading pair, gets a large amount of SLP and a small amount of WETH, and continues to repeat the process for other liquidity pools to continue to make profits.
The attacker uses SLP and WETH to create a new token pool, uses the SLP1 of the new token pool to convert in Sushi Maker, and uses a small amount of SLP to transfer all SLPs in the Sushi Maker contract to the token pool created by himself. All the handling fees of the corresponding transaction pair within a period of time will be collected into the bag. Repeat this process for other trading pairs and continue to make profits.
SlowMist Technology is a company focused on blockchain ecological security. It was founded in January 2018 and is headquartered in Xiamen. It was founded by a team with more than ten years of front-line network security attack-defense experiences, and the team members have created the security project with world-class influence. SlowMist Technology is already a top international blockchain security company, served many global well-known projects mainly through “the security solution that integrated the threat discovery and threat defense while tailored to local conditions,” including: cryptocurrency exchanges (such as Huobi, OKEx, Binance, etc.), cryptocurrency wallets (such as imToken, RenrenBit, MYKEY, etc.), smart contracts (such as TrueUSD, HUSD, OKUSD, etc.), DeFi projects (such as : JUST, BlackHoleSwap, DeFiBox, etc.), the underlying public chain (such as EOS, OKChain, PlatON, etc.), there are nearly a thousand commercial customers, customers distributed in more than a dozen major countries and regions.